Ransomware Hits IDOM Senegal S.A. by Lynx Group

Incident Date: September 4, 2024

Overview

Title: Ransomware Hits IDOM Senegal S.A. by Lynx Group

Victim: IDOM Senegal S.A.

Attacker: Lynx

Location: Dakar, Senegal

First Reported: September 4, 2024

Ransomware Attack on IDOM Senegal S.A. by Lynx Group

About IDOM Senegal S.A.

IDOM Senegal S.A. is a subsidiary of IDOM, a multinational corporation headquartered in Bilbao, Spain. The company specializes in consulting, engineering, and architectural services, with a significant presence in the construction sector. IDOM Senegal S.A. plays a crucial role in the development of infrastructure and technology projects in Senegal, including the high-profile Technology Park in Diamniadio. This project, part of the Senegal Emergent Plan, aims to bolster the country's ICT sector by creating a digital hub for economic growth.

With a workforce of over 4,000 professionals across 34 offices in 17 countries, IDOM has completed more than 30,000 projects globally. The company's commitment to sustainability and innovation sets it apart in the industry, as evidenced by its LEED Gold-certified headquarters and numerous environmentally friendly projects.

Attack Overview

The ransomware attack on IDOM Senegal S.A. was discovered on September 5, 2024. While the extent of the data leak remains unclear, the incident underscores the vulnerabilities faced by organizations in the construction and engineering sectors. The Lynx ransomware group, which emerged in July 2024, claimed responsibility for the attack via their dark web leak site.

About Lynx Ransomware Group

The Lynx ransomware group has quickly gained notoriety since its emergence in July 2024. By September, the group had claimed over 20 victims across various sectors, including finance, manufacturing, IT, and retail. Lynx employs both single and double extortion tactics, encrypting files and exfiltrating data to pressure victims into paying ransoms. The group positions itself as "ethical," claiming to avoid targeting critical sectors such as government institutions, hospitals, and non-profits.

Lynx ransomware encrypts files and appends the ".LYNX" extension, placing ransom notes on victims' desktops and directories. The group uses a Tor network link for communication, urging victims to contact them for resolution. Analysts have noted similarities between Lynx and the INC ransomware, although there is insufficient evidence to conclusively link the two.
